Detection

Prevention

Protection

Correction

Web Application Penetration Testing

In this service we take a “hacker” role to identify the security weaknesses of the application from an outsider's point of view, using the same tools hackers use to perform attacks against your application. A manual analysis of the application's business flows is also performed to identify possible security weaknesses that could lead to fraud and other abuses or crimes against the system that make companies lose money. Our added value in this service is that we deliver an executive and detailed report without false positives, as we exploit every single issue reported, and we provide specific recommendations understandable to developers.

Secure Design/Architecture Analysis (Threat Modeling)

The security design analysis focuses on making sure all security controls are properly implemented across the different application layers, components, and internal and external systems that interact with the application, with the aim of identifying potential vulnerabilities that can affect the integrity, availability and security of the information contained in the application.

Source Code Review

The Security Code Review service provides a deeper level of analysis by performing a line-by-line review focused on identifying all occurrences of security issues found in critical application areas such as authentication, authorization, data validation, sensitive data protection, error handling, etc.

Security Requirements Analysis

We help identify the security controls that each application must have in place, based on the functional requirements provided by the customer. This ensures the software is secure from its conception and meets any compliance requirements and international standards such as OWASP, WebAppSec, SANS and others.

Security Guidance

This service focuses on helping customers create customized policies, secure development standards, remediation guidelines, handouts and other types of publications that allow management and development teams to effectively enforce, communicate and stay informed on the best software security practices for their specific platforms and circumstances.

Secure Development Workshop

We help development teams gain a better understanding of the common vulnerabilities present in web applications, and we provide them with best coding guidelines for secure software development for applications based on Java and .NET development technologies. During the various workshops included in this offering, developers gain hands-on experience implementing best practices to avoid common pitfalls in the implementation of security measures.

OWASP Top 10 Awareness

This course is designed for managers and developers to recognize the top 10 risks found in web applications. It focuses on showing real-world demonstrations of some of the issues to make clear the consequences of not taking into account vulnerabilities related to these low-hanging-fruit security risks in developed or acquired software.

Secure Development Life Cycle Consultancy

We help customers implement their own software security program, to apply security practices either in their internal software development life cycle or in their procurement process with outsourcing companies. Regardless of the SDLC model (agile or traditional), we help ensure the code is secure from the beginning of the development process, saving money spent on rework and costly third-party reviews, and helping achieve the required compliance.

Security Vulnerabilities Remediation

With the aim of ensuring the correct remediation of the vulnerabilities found in software, Borealix offers specialized vulnerability remediation for multiple platforms (web, mobile, client-server, etc.) and technologies (.NET, Java, PHP, etc.) with a guarantee of compliance with international standards such as OWASP, WebAppSec, SANS, etc.
This service applies only to small and medium-sized projects and to projects we have not previously reviewed, due to the conflict of interest it represents, unless otherwise required and signed off by the customer.

How can we help you?

I got hacked!

I want a fast and moderate-cost security analysis in which I can identify the major security risks present in my application

I need a deep security analysis to identify all security vulnerabilities present in my application

I would like to implement a secure software development life cycle and I need some assistance with its implementation

I need to implement security guidance and vulnerability remediation guides in my development life cycle

I need help identifying the security requirements for my application during the design process

I would like to know the security risks present in my application and in the components it interacts with

I need secure software development training for my developers and project managers

I need help mitigating some security vulnerabilities in my application found in a security review made by a third party

I need to be in compliance with the PCI-DSS requirements stated in section 6